I'm using Vaadin 7.5.6, Vaadin Spring 1.0.0, the Vaadin4Spring Managed Security Extension 0.0.7-SNAPSHOT and Tomcat 8.
Currently, I have a configuration class which implements the AuthenticationManagerConfigurer interface:

    import java.util.List;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.vaadin.spring.security.annotation.EnableVaadinManagedSecurity;
    import org.vaadin.spring.security.config.AuthenticationManagerConfigurer;
    import com.vaadin.server.CustomizedSystemMessages;
    import com.vaadin.server.SystemMessages;
    import com.vaadin.server.SystemMessagesInfo;
    import com.vaadin.server.SystemMessagesProvider;
    import de.blume2000.kiss.hibernate.dto.User;
    import de.blume2000.kiss.hibernate.services.UserService;
    import de.blume2000.kiss.utils.EncryptionUtil;

    @Configuration
    @EnableVaadinManagedSecurity
    public class SecurityConfiguration implements AuthenticationManagerConfigurer
    {
        @Autowired
        UserService userService;

        @Override
        public void configure(AuthenticationManagerBuilder auth) throws Exception
        {
            List<User> users = userService.findAll();
            if (users == null)
                return;
            for (User user : users)
            {
                String encryptedPassword = EncryptionUtil.decryptPassword(user.getPassword(), user.getSalt());
                auth.inMemoryAuthentication().withUser(user.getUsername()).password(encryptedPassword).roles(user.getRole());
            }
        }

        /**
         * Provide custom system messages to make sure the application is reloaded when the session expires.
         */
        @SuppressWarnings("serial")
        @Bean
        SystemMessagesProvider systemMessagesProvider()
        {
            return new SystemMessagesProvider()
            {
                @Override
                public SystemMessages getSystemMessages(SystemMessagesInfo systemMessagesInfo)
                {
                    CustomizedSystemMessages systemMessages = new CustomizedSystemMessages();
                    systemMessages.setSessionExpiredNotificationEnabled(false);
                    return systemMessages;
                }
            };
        }
    }

Once the user has logged in, he has the option to edit his user account settings. This changes the user object in the database (e.g. the username for login). Now if he logs out, I want the application to reload the user list, so the user can use his new username. How is this possible?
Regards, shinchillahh
In short, replace your in-memory authentication with DAO authentication.
Please note that in the example below UserDetailsService userService is the Spring core interface, and UserRepository userRepository is the DAO for your users (aka UserService userService in your example).
1. Configuration
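
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;

    @Configuration
    public class Authorization extends GlobalAuthenticationConfigurerAdapter {
        @Autowired
        private UserDetailsService userService;

        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userService).passwordEncoder(passwordEncoder());
        }

        @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }
    }
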
2. Service providing user details
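
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;
    import org.springframework.stereotype.Service;
    import org.springframework.transaction.annotation.Transactional;

    // User and UserRepository are your own classes; User has to implement
    // UserDetails for the return statement below to compile.
    @Service
    public class UserService implements UserDetailsService {
        @Autowired
        private UserRepository userRepository;

        @Override
        @Transactional(readOnly = true)
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            User user = userRepository.findByUsername(username);
            if (user == null) {
                throw new UsernameNotFoundException(username);
            }
            return user;
        }
    }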
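
The following stand-alone demo is an added example, not code from the question or the answer. It shows why the per-login lookup solves the rename problem: the provider calls the UserDetailsService on every authentication attempt, so a username changed between logout and login is picked up without reloading anything. It assumes Spring Security 4.x or 5.x on the classpath; the class name DaoLookupDemo, the in-memory map standing in for the users table, and the sample account are constructed for illustration.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class DaoLookupDemo {
    // Constructed stand-in for the users table: username -> BCrypt hash.
    static final Map<String, String> TABLE = new ConcurrentHashMap<>();

    // Returns true when the provider accepts the credentials.
    static boolean login(DaoAuthenticationProvider provider, String name, String password) {
        try {
            return provider.authenticate(
                    new UsernamePasswordAuthenticationToken(name, password)).isAuthenticated();
        } catch (AuthenticationException e) {
            return false; // unknown user or wrong password
        }
    }

    public static void main(String[] args) {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        TABLE.put("alice", encoder.encode("sample-password")); // constructed sample account

        // Queried on every authentication attempt, so it always sees current data.
        UserDetailsService lookup = username -> {
            String hash = TABLE.get(username);
            if (hash == null) {
                throw new UsernameNotFoundException(username);
            }
            return new User(username, hash, AuthorityUtils.createAuthorityList("ROLE_USER"));
        };

        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(lookup);
        provider.setPasswordEncoder(encoder);

        System.out.println("before rename, alice: " + login(provider, "alice", "sample-password"));
        TABLE.put("alice.new", TABLE.remove("alice")); // the account settings edit
        System.out.println("after rename, alice: " + login(provider, "alice", "sample-password"));
        System.out.println("after rename, alice.new: " + login(provider, "alice.new", "sample-password"));
    }
}
```

Only the BCrypt hash is stored and compared, so nothing in this flow needs a reversible password like the decryptPassword call in the question.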